How do I get rid of P2P Networking Spyware?

Discussion in 'privacy problems' started by Hershon, Aug 31, 2004.

Thread Status:
Not open for further replies.
  1. Hershon

    Hershon Registered Member

    Joined:
    Aug 29, 2004
    Posts:
    7
    I've used 6 different spyware programs and everything is great on all of them (AdAware, SpyBot, PestPatrol, etc.) except on NoAdware where P2P Networking keeps coming up. It doesn't come up on any other program except NoAdware and when I delete it, it just comes right back up. I believe maybe this got on my computer when I downloaded the paying adfree versions of Kazaa, Grokster & EDonkey all of which I've now uninstalled. I took the p2p check out of MSCONFIG but it keeps coming back and I risked going into the registry to delete a p2p key and that kept coming back. Does anyone have any other ideas or recommendations before I pay $90 to have a computer technician check this out? I understand p2p networking in the background of my computer could slow down internet and loading applications. Any words of wisdom? Help!
     
  2. Brent

    Brent Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    71
    Look in Add/Remove Programs and see if it's there

    If so remove it

    If not then look for the folder in C:/Program Files

    Delete
     
  3. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    If you downloaded any P2P program, you are sure to be hit by this P2P networking spyware. I strongly advise you not to download any P2P program, and to uninstall ALL P2P programs from your computer.
     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
  5. Hershon

    Hershon Registered Member

    Joined:
    Aug 29, 2004
    Posts:
    7
    How do I know if it's a false positive

    First off thanks to Notok as maybe this is registering a "false positive". But how do I know it's a false positive?

    I should have mentioned earlier that P2P networking is not on my list of programs in the Control Panel Add/Remove Programs nor is there a separate P2P Networking in Program Files.

    I uninstalled Kazaa, Edonkey and Grokster (they were all the adfree paying versions). I'm hoping maybe this is bogus spyware registering a false positive.

    Still why can't I uncheck p2p networking in MSCONFIG and have it remain unchecked?
     
  6. slammer_JvA

    slammer_JvA Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    1,588
    Location:
    Below sea-level. Safe and sound behind our dikes:
    Hi Hershon,

    Let me first start with a warm welcome to Wilders; you sure came to the right place with your little problem! With a little patience you will see what I mean.

    I am no expert, but I have some advice you may want to start with:

    First, take a look over here in the adware, spyware and hijack cleaning section.
    Follow the steps indicated and post a log over there.
    I will notify an expert to help you further.
    They'll help you get rid of your nasties, and soon you'll be one happy Hershon again.

    :)
    Cu around.
    Regards,
    slammer
     
  7. Hershon

    Hershon Registered Member

    Joined:
    Aug 29, 2004
    Posts:
    7
    Thanks Slammer

    Thank you slammer. I'll try to go over there. I'm having trouble understanding these log things though.
     
  8. slammer_JvA

    slammer_JvA Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    1,588
    Location:
    Below sea-level. Safe and sound behind our dikes:
    Re: Thanks Slammer

    Nothing to be ashamed of. That's why I advise you to trust the 'experts' here, and follow their lead. By the way, read carefully and take your time; the logging-service has been stopped at this forum, but there are directions to other trusted sites at the bottom of the thread mentioned earlier (see step 3), where you can post.
    Soon, I expect Snapdragin to contact you. Don't do anything hasty and you'll be alright in no time.

    Good luck
    slam
     
    Last edited: Aug 31, 2004
  9. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Hershon,

    It looks like you've already received some excellent advice, so I'm not sure if what I can add will be of further help or not.

    I'm wondering why there is even an entry left there in msconfig to be unchecked after scanning with AdAware, Spybot S&D and PestPatrol. NoAdware, as mentioned in the link Notok posted, has many false positives as a goad to get you to purchase it. Since it is the only program that is saying there is still a registry key there for p2p networking, then saying it fixes it, just to say it finds it again upon another scan, and yet the trusted spyware removal programs are not picking it up at all, that to me sounds very suspicious.

    Can you tell me where the location is of this registry key that NoAdware is calling p2p networking?

    Right now I would suggest uninstalling NoAdware completely (if you can), rebooting your computer and doing another full scan with AdAware and Spybot S&D while in Safe Mode. It wouldn't hurt to do an on-line scan also just as a double-check: Free Services

    As Slammer already mentioned, I'm afraid we no longer do HijackThis log analysis here at Wilders, although that would help show if there was anything still listed in startup so you might want to follow up with posting a HijackThis log at one of the sites listed in the link Slammer gave you and have the log checked.

    Here is also a link with more information and manual cleaning of p2p Networking: Spyw_PPNETWORK.A

    Please let us know how you do, and if you do decide to post a HijackThis log at one of the spyware removal forums, let me know and I'll come take a look also. :)

    Regards,

    snap
     
  10. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    That's interesting.. here's what the Kephyr site (the makers of Bazooka Spyware Scanner) has to say about P2P Networking:
    http://www.kephyr.com/spywarescanner/library/p2pnetworking/index.phtml

    It may be putting a trace of it there just so it can detect it. If there's no "P2P Networking" in your Program Files folder, I wouldn't suspect it's installing the actual program. Under "command" (in msconfig) does it just say "C:\Program Files\P2P Networking\p2pnetworking.exe" (or something like that, a non-existent file)?
     
  11. Hershon

    Hershon Registered Member

    Joined:
    Aug 29, 2004
    Posts:
    7
    AdwatchSE is apparently what could be causing this?

    I should clear up that in my paranoia or maybe not, I either got freeware or paid on a trial basis for PestPatrol & Spy Sweeper in addition to NoAdware SE and all of those detected P2P Networking as dangerous spyware in my system but every time I tried to delete them on all 3 of these "spyware Busters" p2p networking wouldn't stay deleted. On my msconfig the entry was just p2p networking and as I said I couldn't get rid of the check next to it until I took the check out for Adwatch SE Plus which I stumbled upon figuring out by accident, not intelligence! I also discovered if I ran Adwatch SE Plus "p2p networking" would reappear back on msconfig and would then be detected again as spyware. I also have, and this could be related to this, in msconfig an entry though UNchecked with a blank space under StartUp Item and Command though it does give the location as software\microsoft\windows\current version\run. Hewlett Packard thinks that also must be spyware. Oh, according to the registry for the p2p spyware it was under Hkey_Local_Machine_software\microsoft\windows\current version\run\p2p networking (as best as I can remember) and I could find that by going to regedit using run, I'd delete it and then as soon as I closed regedit it would be back on the register.
    The worst thing about this is that it was like knowing you had an itch on your body, scratching it, having the itch go away and then come back 5 minutes later in an endless loop!
    I hope maybe this might help someone out if not confuse the hell out of them! The other thing people should be aware of is that apparently one can get significantly different results on Nortons 2004 AntiVirus, AdAware SE, Spybot producing similar results and PestControl, SpySweeper & NoAdware producing more detections of spyware!
     
  12. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Re: AdwatchSE is apparently what could be causing this?

    Hi Hershon

    Do as snapdragin advised you in post nr. 9.
    Regarding Pest Patrol and Spy Sweeper, go for Spy Sweeper, PP has too many false positives (do a search on this here on Wilders, if you don't believe it). The Spy Sweeper trial version doesn't have as many signatures as the full version (currently 29177), but here is a tip if you wish to buy (at least it was possible when I used the trial): it's only possible to update the trial once when installing, but if you press the update button you are led to a page where you can purchase a two year license for $39.95 instead of a one year $29.95. :)
     
    Last edited: Sep 1, 2004
  13. Hershon

    Hershon Registered Member

    Joined:
    Aug 29, 2004
    Posts:
    7
    Thanks
     
  14. slammer_JvA

    slammer_JvA Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    1,588
    Location:
    Below sea-level. Safe and sound behind our dikes:
    Hi Hershon,
    Hope this has got you on your way.
    Nice thing about this is: I'll have a closer look again myself as well, on those other sites.
    One never can get educated enough, and the word "over-protection" does not exist in my encyclopedia ;)

    regards,
    slammer
     
  15. I_charcoal_I

    I_charcoal_I Guest

    Well man, you're not alone, we sound like we're in the same boat with the regedit and everything, so if you find out how to remove it e-mail me ~snip~ - removed email~ and if I do I'll tell you on here. By the way you can try this, I didn't do too well with it but I could locate everything it told me to so give it a shot. And can you find your system32 file, I can't, mine's there cuz PC still works but I think it has changed to prefetch and all the dlls turned to .pfs, maybe not, but I have a p2p in there too. Well, later, keep me up on it. GOOD LUCK
     
    Last edited by a moderator: Jun 2, 2005
  16. I_charcoal_I

    I_charcoal_I Guest

    Delete these if you can find them, but I couldn't
    # cmd.com
    # netstat.com
    # ping.com
    # regedit.com
    # taskkill.com
    # tasklist.com
    # tracert.com
    # z.txt
    ---------------------------------
    # Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
    # In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
    # In the right panel, locate and delete the entry:
    p2pnetwork = "p2pnetwork.exe"
    # In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>RunServices
    # In the right panel, locate and delete the entry:
    p2pnetwork = "p2pnetwork.exe"
    # In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
    # In the right panel, locate and delete the entry:
    p2pnetwork = "p2pnetwork.exe"
    # In the right panel, locate and delete the entry:
    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
    # In the right panel, locate and delete the entry:
    p2pnetwork = "p2pnetwork.exe"
    # In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
    # In the right panel, locate and delete the entry:
    MsConfigs = "%Program files%\MsConfigs\MsConfigs.exe"
    (Note: %Program Files% is the default Program Files folder, usually C:\Program Files.)
    --------------------------------
    1. Still in the Registry Editor, in the left panel, locate and delete the entry:
    HKEY_CURRENT_USER>Software>Microsoft>OLE
    2. In the right panel, locate and delete the entry:
    p2pnetwork = "p2pnetwork.exe"
    3. In the left panel, locate and delete the entry:
    HKEY_LOCAL_MACHINE>Software>Microsoft>OLE
    4. In the right panel, locate and delete the entry:
    p2pnetwork = "p2pnetwork.exe"
    5. In the left panel, locate and delete the entry:
    HKEY_CURRENT_USER>System>CurrentControlSet>Control>Lsa
    6. In the right panel, locate and delete the entry:
    p2pnetwork = "p2pnetwork.exe"
    7. In the left panel, locate and delete the entry:
    HKEY_LOCAL_MACHINE>System>CurrentControlSet>Control>Lsa
    8. In the right panel, locate and delete the entry:
    p2pnetwork = "p2pnetwork.exe"

    ---

    Admin note - I_charcoal_I - you have given the instructions as described by Trendmicro for the WORM_ALCAN.A - We would appreciate it in future if a link to removal instructions is posted so full information is available, rather than trying to type out the removal steps here. - snap
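
Added example, not part of any post in this thread: a read-only PowerShell check of the four Run/RunServices keys listed in post 16, which also answers the question raised in post 10 of whether an entry's command points at a file that actually exists. The helper name Get-CommandTarget is hypothetical, the value names in $suspect are the ones quoted in the posts, and nothing is modified or deleted.

```powershell
# Added example: list autostart values and check whether their target file exists.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)
# Value names as quoted in the thread (post 11 and post 16)
$suspect = 'p2pnetwork', 'p2p networking', 'MsConfigs'

function Get-CommandTarget([string]$Command) {
    # Extract the executable from a Run value: a quoted path, or text up to the extension
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|dll))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # RunServices is often absent
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $cmd      = [string]$item.GetValue($name)
        $target   = Get-CommandTarget $cmd
        $resolved = $null
        if ($target) {
            if (Split-Path $target -IsAbsolute) {
                $resolved = $target
            } else {
                # A bare name such as p2pnetwork.exe is looked up on PATH (includes system32)
                $app = Get-Command $target -CommandType Application -ErrorAction SilentlyContinue |
                       Select-Object -First 1
                if ($app) { $resolved = $app.Path }
            }
        }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $cmd
            FileFound = [bool]($resolved -and (Test-Path -LiteralPath $resolved))
            Named     = $suspect -contains $name   # matches a name from the thread
        }
    }
}
$report | Sort-Object Named -Descending | Format-Table -AutoSize -Wrap
```

An entry with Named = True and FileFound = False is a leftover value with no program behind it; if it reappears after deletion, some running process is rewriting it, which is what Hershon observed with Adwatch SE Plus in post 11.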
     